Abstract: The MQV protocol of Law, Menezes, Qu, Solinas and Vanstone is possibly the most efficient of all known authenticated Diffie-Hellman protocols that use public-key authentication. In addition to great performance, the protocol has been designed to achieve a remarkable list of security properties. As a result MQV has been widely standardized, and has recently been chosen by the NSA as the key exchange mechanism underlying “the next generation cryptography to protect US government information”. One question that has not been settled so far is whether the protocol can be proven secure in a rigorous model of key-exchange security. In order to provide an answer to this question we analyze the MQV protocol in the Canetti-Krawczyk model of key exchange. Unfortunately, we show that MQV fails to a variety of attacks in this model that invalidate its basic security as well as many of its stated security goals. On the basis of these findings, we present HMQV, a carefully designed variant of MQV, that provides the same superb performance and functionality of the original protocol but for which all the MQV's security goals can be formally proved to hold in the random oracle model under the computational Diffie-Hellman assumption. We base the design and proof of HMQV on a new form of “challenge-response signatures”, derived from the Schnorr identification scheme, that have the property that both the challenger and signer can compute the same signature; the former by having chosen the challenge and the latter by knowing the private signature key.

Abstract: Radio-frequency identification tokens, such as contactless smartcards, are vulnerable to relay attacks if they are used for proximity authentication. Attackers can circumvent the limited range of the radio channel using transponders that forward exchanged signals over larger distances. Cryptographic distance-bounding protocols that measure accurately the round-trip delay of the radio signal provide a possible countermeasure. They infer an upper bound for the distance between the reader and the token from the fact that no information can propagate faster than at the speed of light. We propose a new distance-bounding protocol based on ultra-wideband pulse communication. Aimed at being implementable using only simple, asynchronous, low-power hardware in the token, it is particularly well suited for use in passive low-cost tokens, noisy environments and high-speed applications.

Abstract: Current mechanisms for authenticating communication between devices that share no prior context are inconvenient for ordinary users, without the assistance of a trusted authority. We present and analyze seeing-is-believing, a system that utilizes 2D barcodes and camera-telephones to implement a visual channel for authentication and demonstrative identification of devices. We apply this visual channel to several problems in computer security, including authenticated key exchange between devices that share no prior context, establishment of a trusted path for configuration of a TCG-compliant computing platform, and secure device configuration in the context of a smart home.

Abstract: Keystroke dynamics can be useful to ascertain personal identity even after an authentication phase has been passed, provided that we are able to deal with the typing rhythms of free text, chosen and entered by users without any specific constraint. In this paper we present a method to compare typing samples of free text that can be used to verify personal identity. We have tested our technique with a wide set of experiments on 205 individuals, obtaining a False Alarm Rate of less than 5% and an Impostor Pass Rate of less than 0.005%. Different trade-offs are, however, possible. Our approach can rely on what is typed by people because of their normal job, and a few lines of text, even collected in different working sessions, are sufficient to reach a high level of accuracy, which improves proportionally to the amount of available information: As a consequence, we argue that our method can be useful in computer security as a complementary or alternative way to user authentication and as an aid to intrusion detection.

Abstract: RFID identification is a new technology that will become ubiquitous as RFID tags will be applied to every-day items in order to yield great productivity gains or “smart” applications for users. However, this pervasive use of RFID tags opens up the possibility for various attacks violating user privacy. In this work we present an RFID authentication protocol that enforces user privacy and protects against tag cloning. We designed our protocol with both tag-to-reader and reader-to-tag authentication in mind; unless both types of authentication are applied, any protocol can be shown to be prone to either cloning or privacy attacks. Our scheme is based on the use of a secret shared between tag and database that is refreshed to avoid tag tracing. However, this is done in such a way so that efficiency of identification is not sacrificed. Additionally, our protocol is very simple and it can be implemented easily with the use of standard cryptographic hash functions. In analyzing our protocol, we identify several attacks that can be applied to RFID protocols and we demonstrate the security of our scheme. Furthermore, we show how forward privacy is guaranteed; messages seen today will still be valid in the future, even after the tag has been compromised.

Abstract: Poly1305-AES is a state-of-the-art message-authentication code suitable for a wide variety of applications. Poly1305-AES computes a 16-byte authenticator of a variable-length message, using a 16-byte AES key, a 16-byte additional key, and a 16-byte nonce. The security of Poly1305-AES is very close to the security of AES; the security gap is at most 14D⌈L/16⌉/2106 if messages have at most L bytes, the attacker sees at most 264 authenticated messages, and the attacker attempts D forgeries. Poly1305-AES can be computed at extremely high speed: for example, fewer than 3.1l+780 Athlon cycles for an l-byte message. This speed is achieved without precomputation; consequently, 1000 keys can be handled simultaneously without cache misses. Special-purpose hardware can compute Poly1305-AES at even higher speed. Poly1305-AES is parallelizable, incremental, and not subject to any intellectual-property claims.

Abstract: Biometrics-based user authentication has several advantages over traditional password-based systems for standalone authentication applications, such as secure cellular phone access. This is also true for new authentication architectures known as crypto-biometric systems, where cryptography and biometrics are merged to achieve high security and user convenience at the same time. In this paper, we explore the realization of a previously proposed cryptographic construct, called fuzzy vault, with the fingerprint minutiae data. This construct aims to secure critical data (e.g., secret encryption key) with the fingerprint data in a way that only the authorized user can access the secret by providing the valid fingerprint. The results show that 128-bit AES keys can be secured with fingerprint minutiae data using the proposed system.

Abstract: A system for a plurality of users to share resources with access, control and configuration based on pre-defined relationships of trust between the users of the system. A computer-based authority provides the services of authentication, identification and verification of each user within network. Processes are described that leads to the formation of an electronic community, which facilitates electronic communication and transactions in a defined manner.

Abstract: Within the next year, travelers from dozens of nations may be carrying a new form of passport in response to a mandate by the United States government. The e-passport, as it is sometimes called, represents a bold initiative in the deployment of two new technologies: Radio-Frequency Identification (RFID) and biometrics. Important in their own right, e-passports are also the harbinger of a wave of next-generation ID cards: several national governments plan to deploy identity cards integrating RFID and biometrics for domestic use. We explore the privacy and security implications of this impending worldwide experiment in next-generation authentication technology. We describe privacy and security issues that apply to e-passports, then analyze these issues in the context of the International Civil Aviation Organization (ICAO) standard for e-passports.

Abstract: Recent denial of service attacks are mounted by professionals using Botnets of tens of thousands of compromised machines. To circumvent detection, attackers are increasingly moving away from bandwidth floods to attacks that mimic the Web browsing behavior of a large number of clients, and target expensive higher-layer resources such as CPU, database and disk bandwidth. The resulting attacks are hard to defend against using standard techniques, as the malicious requests differ from the legitimate ones in intent but not in content.We present the design and implementation of Kill-Bots, a kernel extension to protect Web servers against DDoS attacks that masquerade as flash crowds. Kill-Bots provides authentication using graphical tests but is different from other systems that use graphical tests. First, Kill-Bots uses an intermediate stage to identify the IP addresses that ignore the test, and persistently bombard the server with requests despite repeated failures at solving the tests. These machines are bots because their intent is to congest the server. Once these machines are identified, Kill-Bots blocks their requests, turns the graphical tests off, and allows access to legitimate users who are unable or unwilling to solve graphical tests. Second, Kill-Bots sends a test and checks the client's answer without allowing unauthenticated clients access to sockets, TCBs, and worker processes. Thus, it protects the authentication mechanism from being DDoSed. Third, Kill-Bots combines authentication with admission control. As a result, it improves performance, regardless of whether the server overload is caused by DDoS or a true Flash Crowd.

Abstract: A financial transaction system utilizes multi-factor authentication to secure financial transactions. The system comprises a portable transaction device (e.g. a wireless phone) which is used to program the magnetically or electronically reprogrammable stripe of a magnetic stripe card or the memory of a smart card. A single-use account number may be used to program the card. The device provides biometric authentication and secondary authentication using a secondary wireless device. The device and the programmed cards are used in various financial transactions.

Abstract: Many sensor network applications require sensors' locations to function correctly. Despite the recent advances, location discovery for sensor networks in hostile environments has been mostly overlooked. Most of the existing localization protocols for sensor networks are vulnerable in hostile environments. The security of location discovery can certainly be enhanced by authentication. However, the possible node compromises and the fact that location determination uses certain physical features (e.g., received signal strength) of radio signals make authentication not as effective as in traditional security applications. This paper presents two methods to tolerate malicious attacks against beacon-based location discovery in sensor networks. The first method filters out malicious beacon signals on the basis of the "consistency" among multiple beacon signals, while the second method tolerates malicious beacon signals by adopting an it era lively refined voting scheme. Both methods can survive malicious attacks even if the attacks bypass authentication, provided that the benign beacon signals constitute the majority of the "consistent" beacon signals. This paper also presents the implementation of these techniques on MICA2 motes running TinyOS, and the evaluation through both simulation and field experiments. The experimental results demonstrate that the proposed methods are promising for the current generation of sensor networks.

Abstract: Biometric data offer a potential source of high-entropy, secret information that can be used in cryptographic protocols provided two issues are addressed: (1) biometric data are not uniformly distributed; and (2) they are not exactly reproducible. Recent work, most notably that of Dodis, Reyzin, and Smith, has shown how these obstacles may be overcome by allowing some auxiliary public information to be reliably sent from a server to the human user. Subsequent work of Boyen has shown how to extend these techniques, in the random oracle model, to enable unidirectional authentication from the user to the server without the assumption of a reliable communication channel. We show two efficient techniques enabling the use of biometric data to achieve mutual authentication or authenticated key exchange over a completely insecure (i.e., adversarially controlled) channel. In addition to achieving stronger security guarantees than the work of Boyen, we improve upon his solution in a number of other respects: we tolerate a broader class of errors and, in one case, improve upon the parameters of his solution and give a proof of security in the standard model.

Abstract: The “All In One Remote Keys” (AIORK) for (GSM, UMTS, W-LAN, Bluetooth, RFID-transceiver) mobile phones and/or extension kits is a universal key for all kind of locks, gates or entrances and it has a direct payment- and clearing function for electronic (Bluetooth, WLan, GSM and esp. NFC RFID-) cash payments for all consumed accesses, services or information. The input can be made by fingerprint or oral with direct biometric sensor confirmation. The NFC transceiver is for: Info-download, direct-cash-payment, access-control, function control, authentification of internet-auctions, -betting and -stock transactions and of such information and over all for RFID-tag identification of worthy objects, electronic devices and parts etc. with GSM based Internet website or account clearing. And it is running and lets manage a mobile-phone-platform with video-clip-hitcharts, which is with fingerprint-sensor authentication the best quality bringing solution for e.g. news etc. looking mobile video phone user/consumer and which is so finally the only functioning or establishing mobile video phone solution.

Abstract: An apparatus, method and program product receive remote identification data from an identification device (12) associated with a user account in response to initiation of an electronic transaction at a terminal (22). The identifying device communicates the remote identification data to a processing system (16), where it is compared against stored authentication data associated with the user account. The processing system (16) communicates verification to the terminal (22) if a match is determined, allowing the electronic transaction to proceed.

Abstract: This document specifies three sets of new ciphersuites for the Transport Layer Security (TLS) protocol to support authentication based on pre-shared keys. These pre-shared keys are symmetric keys, shared in advance among the communicating parties. The first set of ciphersuites uses only symmetric key operations for authentication. The second set uses a Diffie-Hellman exchange authenticated with a pre-shared key; and the third set combines public key authentication of the server with pre-shared key authentication of the client.

Abstract: We propose a way to establish peer-to-peer authenticated communications over an insecure channel by using an extra channel which can authenticate very short strings, e.g. 15 bits.We call this SAS-based authentication as for authentication based on Short Authenticated Strings. The extra channel uses a weak notion of authentication in which strings cannot be forged nor modified, but whose delivery can be maliciously stalled, canceled, or replayed. Our protocol is optimal and relies on an extractable or equivocable commitment scheme. This approach offers an alternative (or complement) to public-key infrastructures, since we no longer need any central authority, and to password-based authenticated key exchange, since we no longer need to establish a confidential password. It can be used to establish secure associations in ad-hoc networks. Applications could be the authentication of a public key (e.g. for SSH or PGP) by users over the telephone, the user-aided pairing of wireless (e.g. Bluetooth) devices, or the restore of secure associations in a disaster case, namely when one remote peer had his long-term keys corrupted.

Abstract: This paper uses a static keystroke dynamics in user authentication. The inputs are the key down and up times and the key ASCII codes captured while the user is typing a string. Four features (key code, two keystroke latencies, and key duration) were analyzed and seven experiments were performed combining these features. The results of the experiments were evaluated with three types of user: the legitimate, the impostor and the observer impostor users. The best results were achieved utilizing all features, obtaining a false rejection rate of 1.45% and a false acceptance rate of 1.89%. This approach can be used to improve the usual login-password authentication when the password is no more a secret. This paper innovates using four features to authenticate users.

Abstract: Within the next year, travelers from dozens of nations may be carrying a new form of passport in response to a mandate by the United States government. The e-passport, as it is sometimes called, represents a bold initiative in the deployment of two new technologies: Radio-Frequency Identification (RFID) and biometrics. Important in their own right, e-passports are also the harbinger of a wave of next-generation ID cards: several national governments plan to deploy identity cards integrating RFID and biometrics for domestic use. We explore the privacy and security implications of this impending worldwide experiment in next-generation authentication technology. We describe privacy and security issues that apply to e-passports, then analyze these issues in the context of the International Civil Aviation Organization (ICAO) standard for e-passports.

Abstract: A communication device, a communication method, and an authentication method where dishonest impersonation by a third person is prevented and safety and reliability of authentication processing are improved. A slave (20) sends an authentication request including device information to a mater (10). The master (10) receives the authentication request and causes the device information to be displayed on the screen of a display section (13). A user visually confirms the device information displayed on the screen of the display section (13), determines whether or not to authorize the authentication, and instructs the master (10) about the result through an input section (14). The master (10), having been instructed about the approval/disapproval of the authentication, sends a response according to the instruction to the slave (20).

Abstract: This document introduces Timed Efficient Stream Loss-tolerant Authentication (TESLA). TESLA allows all receivers to check the integrity and authenticate the source of each packet in multicast or broadcast data streams. TESLA requires no trust between receivers, uses low-cost operations per packet at both sender and receiver, can tolerate any level of loss without retransmissions, and requires no per-receiver state at the sender. TESLA can protect receivers against denial of service attacks in certain circumstances. Each receiver must be loosely time-synchronized with the source in order to verify messages, but otherwise receivers do not have to send any messages. TESLA alone cannot support non-repudiation of the data source to third parties. This informational document is intended to assist in writing standardizable and secure specifications for protocols based on TESLA in different contexts. This memo provides information for the Internet community.

Abstract: A telephony system providing automated authentication, adaptive navigation, full voice dictation and outbound calling.

Abstract: A biometric system is vulnerable to a variety of attacks aimed at undermining the integrity of the authentication process. These attacks are intended to either circumvent the security afforded by the system or to deter the normal functioning of the system. We describe the various threats that can be encountered by a biometric system. We specifically focus on attacks designed to elicit information about the original biometric data of an individual from the stored template. A few algorithms presented in the literature are discussed in this regard. We also examine techniques that can be used to deter or detect these attacks. Furthermore, we provide experimental results pertaining to a hybrid system combining biometrics with cryptography, that converts traditional fingerprint templates into novel cryptographic structures.

Abstract: RFID (Radio Frequency Identification) technology is expected to play a critical role in identifying articles and serving the growing need to combat counterfeiting and fraud. However, the use of RFID tags may cause privacy violation of people holding an RFID tag. The main privacy concerns are information leakage of a tag, traceabiltiy of the person and impersonation of a tag. In this paper, we study authentication as a method to protect privacy, especially for low-cost RFID systems, which have much restrictions in limited computing power, low die-size, and low power requirements. Therefore, cost effective means of authentication is needed to deal with these problems effectively. We propose an authentication protocol, LCAP, which needs only two one-way hash function operations and hence is quite efficient. Leakage of information is prevented in the scheme since a tag emits its identifier only after authentication. By refreshing a identifier of a tag in each session, the scheme also provides a location privacy and can recover lost massages from many attacks such as spoofing attacks.

Abstract: The exponential growth in the deployment of IEEE 802.11-based wireless LAN (WLAN) in enterprises and homes makes WLAN an attractive target for attackers. Attacks that exploit vulnerabilities at the IP layer or above can be readily addressed by intrusion detection systems designed for wired networks. However, attacks exploiting link-layer protocol vulnerabilities require a different set of intrusion detection mechanism. Most link-layer attacks in WLANs are denial of service attacks and work by spoofing either access points (APs) or wireless stations. Spoofing is possible because the IEEE 802.11 standard does not provide per-frame source authentication, but can be effectively prevented if a proper authentication is added into the standard. Unfortunately, it is unlikely that commercial WLANs will support link-layer source authentication that covers both management and control frames in the near future. Even if it is available in next-generation WLANs equipments, it cannot protect the large installed base of legacy WLAN devices. This paper proposes an algorithm to detect spoofing by leveraging the sequence number field in the link-layer header of IEEE 802.11 frames, and demonstrates how it can detect various spoofing without modifying the APs or wireless stations. The false positive rate of the proposed algorithm is zero, and the false negative rate is close to zero. In the worst case, the proposed algorithm can detect a spoofing activity, even though it can only detect some but not all spoofed frames.

Abstract: With the evolution of m-Health, an increasing number of biomedical sensors will be worn on or implanted in an individual in the future for the monitoring, diagnosis, and treatment of diseases. For the optimization of resources, it is therefore necessary to investigate how to interconnect these sensors in a wireless body area network, wherein security of private data transmission is always a major concern. This paper proposes a novel solution to tackle the problem of entity authentication in body area sensor network (BASN) for m-Health. Physiological signals detected by biomedical sensors have dual functions: (1) for a specific medical application, and (2) for sensors in the same BASN to recognize each other by biometrics. A feasibility study of proposed entity authentication scheme was carried out on 12 healthy individuals, each with 2 channels of photoplethysmogram (PPG) captured simultaneously at different parts of the body. The beat-to-beat heartbeat interval is used as a biometric characteristic to generate identity of the individual. The results of statistical analysis suggest that it is a possible biometric feature for the entity authentication of BASN

Abstract: While sensor network deployment is becoming more commonplace in environmental, business, and military applications, security of these networks emerges as a critical concern. Without proper security, it is impossible to completely trust the results reported from sensor networks deployed outside of controlled environments. Much of the current research in sensor networks has focused on protocols and authentication schemes for protecting the transport of information. However, all of those schemes are useless if an attacker can obtain a node from the network and extract the appropriate information, such as security keys, from it. We focus our research on the area of secure systems. In this paper we demonstrate the ease with which nodes can be compromised as well as show exactly what information can be obtained and how it can be used to disrupt, falsify data within, or eavesdrop on sensor networks. We then suggest mechanisms to detect intrusions into individual sensor nodes. Finally, we come up with security measures that can be implemented in future generation nodes to improve security.

Abstract: A system and method may allow for extending authentication to a two factor, out of band form, requiring an additional data element or code via a channel different from the channel used for the primary transaction, where the different channel has the attribute that it is difficult or costly to achieve many access points to it, and it is possible to limit the number of users associated with a particular access point to it.